Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php329
1 files changed, 160 insertions, 169 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 689a682de3..d613c87728 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -368,41 +368,6 @@ function still_on_time($extra_time = 15)
}
/**
-* Hash the password
-*
-* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
-*
-* @param string $password Password to be hashed
-*
-* @return string|bool Password hash or false if something went wrong during hashing
-*/
-function phpbb_hash($password)
-{
- global $phpbb_container;
-
- $passwords_manager = $phpbb_container->get('passwords.manager');
- return $passwords_manager->hash($password);
-}
-
-/**
-* Check for correct password
-*
-* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
-*
-* @param string $password The password in plain text
-* @param string $hash The stored password hash
-*
-* @return bool Returns true if the password is correct, false if not.
-*/
-function phpbb_check_hash($password, $hash)
-{
- global $phpbb_container;
-
- $passwords_manager = $phpbb_container->get('passwords.manager');
- return $passwords_manager->check($password, $hash);
-}
-
-/**
* Hashes an email address to a big integer
*
* @param string $email Email address
@@ -885,46 +850,6 @@ else
}
}
-/**
-* Eliminates useless . and .. components from specified path.
-*
-* Deprecated, use filesystem class instead
-*
-* @param string $path Path to clean
-* @return string Cleaned path
-*
-* @deprecated
-*/
-function phpbb_clean_path($path)
-{
- global $phpbb_path_helper, $phpbb_container;
-
- if (!$phpbb_path_helper && $phpbb_container)
- {
- $phpbb_path_helper = $phpbb_container->get('path_helper');
- }
- else if (!$phpbb_path_helper)
- {
- // The container is not yet loaded, use a new instance
- if (!class_exists('\phpbb\path_helper'))
- {
- global $phpbb_root_path, $phpEx;
- require($phpbb_root_path . 'phpbb/path_helper.' . $phpEx);
- }
-
- $phpbb_path_helper = new phpbb\path_helper(
- new phpbb\symfony_request(
- new phpbb\request\request()
- ),
- new phpbb\filesystem(),
- $phpbb_root_path,
- $phpEx
- );
- }
-
- return $phpbb_path_helper->clean_path($path);
-}
-
// functions used for building option fields
/**
@@ -1080,24 +1005,6 @@ function phpbb_get_timezone_identifiers($selected_timezone)
}
/**
-* Pick a timezone
-*
-* @param string $default A timezone to select
-* @param boolean $truncate Shall we truncate the options text
-*
-* @return string Returns the options for timezone selector only
-*
-* @deprecated
-*/
-function tz_select($default = '', $truncate = false)
-{
- global $user;
-
- $timezone_select = phpbb_timezone_select($user, $default, $truncate);
- return $timezone_select['tz_select'];
-}
-
-/**
* Options to pick a timezone and date/time
*
* @param \phpbb\user $user Object of the current user
@@ -2097,7 +2004,7 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
* the global one (false)
* @var bool|string append_sid_overwrite Overwrite function (string
* URL) or not (false)
- * @since 3.1-A1
+ * @since 3.1.0-a1
*/
$vars = array('url', 'params', 'is_amp', 'session_id', 'append_sid_overwrite');
extract($phpbb_dispatcher->trigger_event('core.append_sid', compact($vars)));
@@ -2419,8 +2326,9 @@ function reapply_sid($url)
*/
function build_url($strip_vars = false)
{
- global $user, $phpbb_root_path;
+ global $config, $user, $phpbb_path_helper;
+ $php_ext = $phpbb_path_helper->get_php_ext();
$page = $user->page['page'];
// We need to be cautious here.
@@ -2432,66 +2340,28 @@ function build_url($strip_vars = false)
// URL
if ($url_parts === false || empty($url_parts['scheme']) || empty($url_parts['host']))
{
- $page = $phpbb_root_path . $page;
+ // Remove 'app.php/' from the page, when rewrite is enabled
+ if ($config['enable_mod_rewrite'] && strpos($page, 'app.' . $php_ext . '/') === 0)
+ {
+ $page = substr($page, strlen('app.' . $php_ext . '/'));
+ }
+
+ $page = $phpbb_path_helper->get_phpbb_root_path() . $page;
}
// Append SID
$redirect = append_sid($page, false, false);
- // Add delimiter if not there...
- if (strpos($redirect, '?') === false)
+ if ($strip_vars !== false)
{
- $redirect .= '?';
+ $redirect = $phpbb_path_helper->strip_url_params($redirect, $strip_vars, false);
}
-
- // Strip vars...
- if ($strip_vars !== false && strpos($redirect, '?') !== false)
+ else
{
- if (!is_array($strip_vars))
- {
- $strip_vars = array($strip_vars);
- }
-
- $query = $_query = array();
-
- $args = substr($redirect, strpos($redirect, '?') + 1);
- $args = ($args) ? explode('&', $args) : array();
- $redirect = substr($redirect, 0, strpos($redirect, '?'));
-
- foreach ($args as $argument)
- {
- $arguments = explode('=', $argument);
- $key = $arguments[0];
- unset($arguments[0]);
-
- if ($key === '')
- {
- continue;
- }
-
- $query[$key] = implode('=', $arguments);
- }
-
- // Strip the vars off
- foreach ($strip_vars as $strip)
- {
- if (isset($query[$strip]))
- {
- unset($query[$strip]);
- }
- }
-
- // Glue the remaining parts together... already urlencoded
- foreach ($query as $key => $value)
- {
- $_query[] = $key . '=' . $value;
- }
- $query = implode('&', $_query);
-
- $redirect .= ($query) ? '?' . $query : '';
+ $redirect = str_replace('&', '&', $redirect);
}
- return str_replace('&', '&', $redirect);
+ return $redirect . ((strpos($redirect, '?') === false) ? '?' : '');
}
/**
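Review bot: The two branches after `append_sid()` build the return value through different code, and nothing in the hunk says which ampersand encoding callers get back. The `$strip_vars` branch returns whatever `strip_url_params($redirect, $strip_vars, false)` yields, while the `else` branch runs `str_replace()`, whose two arguments look identical on this page, probably because an entity was lost in rendering. The result ends up in a hidden form field in page_header(), so a comment above the `return` would help, e.g. `// Both branches return the URL in the same ampersand encoding (confirm against strip_url_params())`. The function now always appends `?` when no query string remains, which the old strip path did not do, so callers that concatenate or compare the result should be checked. build_url() starts outside this hunk.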
@@ -2506,19 +2376,19 @@ function meta_refresh($time, $url, $disable_cd_check = false)
{
global $template, $refresh_data, $request;
+ $url = redirect($url, true, $disable_cd_check);
if ($request->is_ajax())
{
$refresh_data = array(
'time' => $time,
- 'url' => str_replace('&', '&', $url)
+ 'url' => $url,
);
}
else
{
- $url = redirect($url, true, $disable_cd_check);
+ // For XHTML compatibility we change back & to &
$url = str_replace('&', '&', $url);
- // For XHTML compatibility we change back & to &
$template->assign_vars(array(
'META' => '<meta http-equiv="refresh" content="' . $time . '; url=' . $url . '" />')
);
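Review bot: With `redirect($url, true, $disable_cd_check)` hoisted above the `is_ajax()` test, the AJAX branch now stores redirect()'s return value as-is, where it previously normalised ampersands itself. Which encoding redirect() returns in return mode is not visible in this hunk. In the non-AJAX branch the same value is concatenated into the `content="..."` attribute with only the ampersand replacement applied, so the attribute is safe only if redirect() rejects or encodes `"`, `<` and `>`. A comment on the hoisted line would record that dependency, e.g. `// redirect() validates the target; both branches rely on the form it returns`. meta_refresh() continues outside the hunk.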
@@ -2748,7 +2618,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
}
else
{
- page_header(((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]), false);
+ page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);
}
$template->set_filenames(array(
@@ -2781,7 +2651,6 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
WHERE user_id = " . $user->data['user_id'];
$db->sql_query($sql);
-
if ($request->is_ajax())
{
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;
@@ -3025,7 +2894,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
'PASSWORD_CREDENTIAL' => ($admin) ? 'password_' . $credential : 'password',
));
- page_header($user->lang['LOGIN'], false);
+ page_header($user->lang['LOGIN']);
$template->set_filenames(array(
'body' => 'login_body.html')
@@ -3101,7 +2970,7 @@ function login_forum_box($forum_data)
$template->assign_var('LOGIN_ERROR', $user->lang['WRONG_PASSWORD']);
}
- page_header($user->lang['LOGIN'], false);
+ page_header($user->lang['LOGIN']);
$template->assign_vars(array(
'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '',
@@ -3192,7 +3061,7 @@ function parse_cfg_file($filename, $lines = false)
}
// Determine first occurrence, since in values the equal sign is allowed
- $key = strtolower(trim(substr($line, 0, $delim_pos)));
+ $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
$value = trim(substr($line, $delim_pos + 1));
if (in_array($value, array('off', 'false', '0')))
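Review bot: Encoding the key here, and the value in the next hunk, at parse time means every consumer of parse_cfg_file() receives HTML-encoded strings, including any that use them as file names, version strings or comparison operands rather than as HTML output. Values containing `&`, `<` or `"` will no longer compare equal to their raw form, and a template that escapes again will double-encode them. `htmlspecialchars()` is also called without flags, so on PHP versions before 8.1 the default leaves single quotes unencoded; if the encoding has to stay in the parser, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` is the stricter form. The docblock should state that returned keys and values are HTML-encoded. The function body starts and ends outside this hunk.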
@@ -3209,7 +3078,11 @@ function parse_cfg_file($filename, $lines = false)
}
else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
{
- $value = substr($value, 1, sizeof($value)-2);
+ $value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
+ }
+ else
+ {
+ $value = htmlspecialchars($value);
}
$parsed_items[$key] = $value;
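Review bot: The changed line keeps `sizeof($value)` on a string. `sizeof()` is an alias of `count()`, which returns 1 for a scalar on older PHP versions and throws a TypeError on PHP 8, so `$value[sizeof($value) - 1]` in the condition above is always `$value[0]` and a value with only an opening quote is treated as quoted. `strlen()` is the intended call: `$value = htmlspecialchars(substr($value, 1, strlen($value) - 2));`, with the same replacement in the `else if` condition. An empty `$value` would also reach `$value[0]`; whether earlier code excludes that case is outside the hunk.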
@@ -3914,6 +3787,16 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
if (defined('IN_INSTALL') || defined('DEBUG') || isset($auth) && $auth->acl_get('a_'))
{
$msg_text = $log_text;
+
+ // If this is defined there already was some output
+ // So let's not break it
+ if (defined('IN_DB_UPDATE'))
+ {
+ echo '<div class="errorbox">' . $msg_text . '</div>';
+
+ $db->sql_return_on_error(true);
+ phpbb_end_update($cache, $config);
+ }
}
if ((defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
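Review bot: The added block calls `$db->sql_return_on_error(true)` unconditionally, while the statement right after it in msg_handler() still tests `isset($db)`, which suggests the handler can run before the database object exists. Guarding the call, `if (isset($db)) { $db->sql_return_on_error(true); }`, keeps an early failure during an update from raising a second fatal error inside the error handler. `$msg_text` is echoed into the `errorbox` div as-is, and whether `$log_text` is already HTML-safe is not visible here. `$cache` and `$config` must be in the handler's `global` list, which is also outside the hunk.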
@@ -4010,7 +3893,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
}
else
{
- page_header($msg_title, false);
+ page_header($msg_title);
}
}
@@ -4110,7 +3993,7 @@ function obtain_guest_count($item_id = 0, $item = 'forum')
// Get number of online guests
- if ($db->sql_layer === 'sqlite')
+ if ($db->sql_layer === 'sqlite' || $db->sql_layer === 'sqlite3')
{
$sql = 'SELECT COUNT(session_ip) as num_guests
FROM (
@@ -4685,9 +4568,95 @@ function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
}
/**
+* Get user avatar
+*
+* @param array $user_row Row from the users table
+* @param string $alt Optional language string for alt tag within image, can be a language key or text
+* @param bool $ignore_config Ignores the config-setting, to be still able to view the avatar in the UCP
+*
+* @return string Avatar html
+*/
+function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config = false)
+{
+ $row = \phpbb\avatar\manager::clean_row($user_row, 'user');
+ return phpbb_get_avatar($row, $alt, $ignore_config);
+}
+
+/**
+* Get group avatar
+*
+* @param array $group_row Row from the groups table
+* @param string $alt Optional language string for alt tag within image, can be a language key or text
+* @param bool $ignore_config Ignores the config-setting, to be still able to view the avatar in the UCP
+*
+* @return string Avatar html
+*/
+function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false)
+{
+ $row = \phpbb\avatar\manager::clean_row($user_row, 'group');
+ return phpbb_get_avatar($row, $alt, $ignore_config);
+}
+
+/**
+* Get avatar
+*
+* @param array $row Row cleaned by \phpbb\avatar\driver\driver::clean_row
+* @param string $alt Optional language string for alt tag within image, can be a language key or text
+* @param bool $ignore_config Ignores the config-setting, to be still able to view the avatar in the UCP
+*
+* @return string Avatar html
+*/
+function phpbb_get_avatar($row, $alt, $ignore_config = false)
+{
+ global $user, $config, $cache, $phpbb_root_path, $phpEx;
+ global $request;
+ global $phpbb_container;
+
+ if (!$config['allow_avatar'] && !$ignore_config)
+ {
+ return '';
+ }
+
+ $avatar_data = array(
+ 'src' => $row['avatar'],
+ 'width' => $row['avatar_width'],
+ 'height' => $row['avatar_height'],
+ );
+
+ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
+ $driver = $phpbb_avatar_manager->get_driver($row['avatar_type'], $ignore_config);
+ $html = '';
+
+ if ($driver)
+ {
+ $html = $driver->get_custom_html($user, $row, $alt);
+ if (!empty($html))
+ {
+ return $html;
+ }
+
+ $avatar_data = $driver->get_data($row, $ignore_config);
+ }
+ else
+ {
+ $avatar_data['src'] = '';
+ }
+
+ if (!empty($avatar_data['src']))
+ {
+ $html = '<img src="' . $avatar_data['src'] . '" ' .
+ ($avatar_data['width'] ? ('width="' . $avatar_data['width'] . '" ') : '') .
+ ($avatar_data['height'] ? ('height="' . $avatar_data['height'] . '" ') : '') .
+ 'alt="' . ((!empty($user->lang[$alt])) ? $user->lang[$alt] : $alt) . '" />';
+ }
+
+ return $html;
+}
+
+/**
* Generate page header
*/
-function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
+function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum')
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path;
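Review bot: phpbb_get_avatar() concatenates `$avatar_data['src']`, the width and height and, when `$alt` is not a language key, the caller's `$alt` text straight into attribute values; whether `get_data()` and `clean_row()` return HTML-safe values is not visible in this hunk. If the dimensions are always integers, casting them, `'width="' . (int) $avatar_data['width'] . '" '`, and stating in the docblock that `$alt` and the driver's `src` must already be HTML-encoded would make the contract explicit. The docblock of phpbb_get_group_avatar() names `$group_row` while the parameter is `$user_row`, and phpbb_get_avatar() declares `$cache`, `$phpbb_root_path`, `$phpEx` and `$request` as globals without using them. The same hunk flips the default of `$display_online_list` to `false`, which changes behaviour for any caller outside this file that relied on the old default.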
@@ -4714,7 +4683,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
* @var int item_id Restrict online users to item id
* @var bool page_header_override Shall we return instead of running
* the rest of page_header()
- * @since 3.1-A1
+ * @since 3.1.0-a1
*/
$vars = array('page_title', 'display_online_list', 'item_id', 'item', 'page_header_override');
extract($phpbb_dispatcher->trigger_event('core.page_header', compact($vars)));
@@ -4751,7 +4720,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
if ($user->data['user_id'] != ANONYMOUS)
{
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);
- $l_login_logout = sprintf($user->lang['LOGOUT_USER'], $user->data['username']);
+ $l_login_logout = $user->lang['LOGOUT'];
}
else
{
@@ -4890,7 +4859,6 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
}
}
- $hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');
// The following assigns all _common_ variables that may be used at any point in a template.
@@ -4905,9 +4873,10 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'TOTAL_USERS_ONLINE' => $l_online_users,
'LOGGED_IN_USER_LIST' => $online_userlist,
'RECORD_USERS' => $l_online_record,
- 'PRIVATE_MESSAGE_COUNT' => (!empty($user->data['user_unread_privmsg'])) ? $user->data['user_unread_privmsg'] : 0,
- 'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox,
+ 'PRIVATE_MESSAGE_COUNT' => (!empty($user->data['user_unread_privmsg'])) ? $user->data['user_unread_privmsg'] : 0,
+ 'CURRENT_USER_AVATAR' => phpbb_get_user_avatar($user->data),
+ 'CURRENT_USERNAME_FULL' => get_username_string('full', $user->data['user_id'], $user->data['username'], $user->data['user_colour']),
'UNREAD_NOTIFICATIONS_COUNT' => ($notifications !== false) ? $notifications['unread_count'] : '',
'NOTIFICATIONS_COUNT' => ($notifications !== false) ? $notifications['unread_count'] : '',
'U_VIEW_ALL_NOTIFICATIONS' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_notifications'),
@@ -4940,6 +4909,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'U_SITE_HOME' => $config['site_home_url'],
'U_REGISTER' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
'U_PROFILE' => append_sid("{$phpbb_root_path}ucp.$phpEx"),
+ 'U_USER_PROFILE' => get_username_string('profile', $user->data['user_id'], $user->data['username'], $user->data['user_colour']),
'U_MODCP' => append_sid("{$phpbb_root_path}mcp.$phpEx", false, true, $user->session_id),
'U_FAQ' => append_sid("{$phpbb_root_path}faq.$phpEx"),
'U_SEARCH_SELF' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=egosearch'),
@@ -4948,7 +4918,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
- 'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'),
+ 'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '',
@@ -4977,7 +4947,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'S_TOPIC_ID' => $topic_id,
'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),
- 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())),
+ 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),
'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,
@@ -5004,7 +4974,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
'T_STYLESHEET_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/stylesheet.css?assets_version=' . $config['assets_version'],
'T_STYLESHEET_LANG_LINK' => "{$web_path}styles/" . rawurlencode($user->style['style_path']) . '/theme/' . $user->lang_name . '/stylesheet.css?assets_version=' . $config['assets_version'],
- 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.js?assets_version=" . $config['assets_version'],
+ 'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery.min.js?assets_version=" . $config['assets_version'],
'S_ALLOW_CDN' => !empty($config['allow_cdn']),
'T_THEME_NAME' => rawurlencode($user->style['style_path']),
@@ -5022,6 +4992,22 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'SITE_LOGO_IMG' => $user->img('site_logo'),
));
+ /**
+ * Execute code and/or overwrite _common_ template variables after they have been assigned.
+ *
+ * @event core.page_header_after
+ * @var string page_title Page title
+ * @var bool display_online_list Do we display online users list
+ * @var string item Restrict online users to a certain
+ * session item, e.g. forum for
+ * session_forum_id
+ * @var int item_id Restrict online users to item id
+ *
+ * @since 3.1.0-b3
+ */
+ $vars = array('page_title', 'display_online_list', 'item_id', 'item');
+ extract($phpbb_dispatcher->trigger_event('core.page_header_after', compact($vars)));
+
// application/xhtml+xml not used because of IE
header('Content-type: text/html; charset=UTF-8');
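Review bot: The new event calls `extract()` on the array returned by `trigger_event()`, which with the default flags overwrites any local variable whose name appears as a key; whether trigger_event() limits the keys to those passed in is not visible here. Restricting the result to the declared names keeps a listener from replacing locals such as `$user` or `$template`: `extract(array_intersect_key($phpbb_dispatcher->trigger_event('core.page_header_after', compact($vars)), array_flip($vars)));`. Because the event fires after `assign_vars()`, the docblock should also say whether changing `page_title` or the other listed variables still has any effect at this point.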
@@ -5060,7 +5046,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
* @var bool run_cron Shall we run cron tasks
* @var bool page_footer_override Shall we return instead of running
* the rest of page_footer()
- * @since 3.1-A1
+ * @since 3.1.0-a1
*/
$vars = array('run_cron', 'page_footer_override');
extract($phpbb_dispatcher->trigger_event('core.page_footer', compact($vars)));
@@ -5109,7 +5095,7 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
// Call cron-type script
$call_cron = false;
- if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
+ if (!defined('IN_CRON') && !$config['use_system_cron'] && $run_cron && !$config['board_disable'] && !$user->data['is_bot'] && !$cache->get('cron.lock_check'))
{
$call_cron = true;
$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
@@ -5130,7 +5116,8 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
// Call cron job?
if ($call_cron)
{
- global $cron;
+ global $phpbb_container;
+ $cron = $phpbb_container->get('cron.manager');
$task = $cron->find_one_ready_task();
if ($task)
@@ -5138,6 +5125,10 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
$url = $task->get_url();
$template->assign_var('RUN_CRON_TASK', '<img src="' . $url . '" width="1" height="1" alt="cron" />');
}
+ else
+ {
+ $cache->put('cron.lock_check', true, 300);
+ }
}
if ($display_template)
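Review bot: `$cache->put('cron.lock_check', true, 300)` hard-codes the lifetime, and the key name reads like a lock although it acts as a skip flag. Together with the `!$cache->get('cron.lock_check')` test added earlier in page_footer(), it skips the ready-task lookup once none was found. A comment such as `// No task ready: skip the lookup on page views until this entry expires (300, presumably seconds)` would make that clear. `$cache` is not added to a `global` statement in any of these hunks, so it has to be declared already in the part of page_footer() that is not shown.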
@@ -5168,7 +5159,7 @@ function garbage_collection()
* Unload some objects, to free some memory, before we finish our task
*
* @event core.garbage_collection
- * @since 3.1-A1
+ * @since 3.1.0-a1
*/
$phpbb_dispatcher->dispatch('core.garbage_collection');
}